<!-----------------------------------------------------------------------------
-- 2013 All rights reserved
-- Project codename: FROMCOMA 
-- Date: 20sept2013
-- Author: A.A
-- Description: upload page. 
-------------------------------------------------------------------------------
-- Changelog:
-- v0.1:	we're off.
-- 
------------------------------------------------------------------------------>
<?php 
/* Connecting to MySQL */
require 'sqlconn.inc.php';

/* Table */
$table = "items";
/* Query */
$result = mysql_query("SELECT * FROM $table ORDER BY date DESC");
$categories = mysql_query("SELECT * FROM categories ORDER BY id ASC");

/* Uploading script */
if( isset($_POST['upload']) ) // checking if form was submitted
{
	$content_dir = 'uploads/'; // folder to store the 
	$tmp_file = $_FILES['file']['tmp_name'];
	if( !is_uploaded_file($tmp_file) )
	{
		exit("Lost file");
	}
	// verifiying the extension
	$type_file = $_FILES['file']['type'];
	if( !strstr($type_file, 'jpg') & !strstr($type_file, 'jpeg') & !strstr($type_file, 'png') & !strstr($type_file, 'gif') )
	{
		exit("This is not an image");
	}
	// name test
	$name_file = $_FILES['file']['name'];
	if( preg_match('#[\x00-\x1F\x7F-\x9F/\\\\]#', $name_file) )
	{
		exit("File name not valid");
	}
    // copy the file into the uploads folder
	else if( !move_uploaded_file($tmp_file, $content_dir . $name_file) )
	{
		echo $tmp_file."<br>";
		echo $content_dir."<br>";
		echo $name_file."<br>";
				exit("Can't copy the file");

	}
	echo "File uploaded correctly<br>";
			echo $tmp_file;
		echo $content_dir;
		echo $name_file;
	// Insearting data into SQL database
	$sql = "INSERT INTO $table (title, url, category, date) VALUES ('$_POST[name]', '$name_file', '$_POST[category]', NOW())";
    mysql_query($sql) or die('Erreur SQL !'.$sql.'<br>'.mysql_error()); 
	echo "Item: $_POST[name] added!";
	
}

?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
        "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
	<title>FROMCOMA</title>
	<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
	<link rel="stylesheet" type="text/css" href="style.css" />

</head>
<body>
<h1>Upload Page.</h1>
<form action="upload.php" enctype="multipart/form-data" method="post">
<input name="file" size="30" type="file" /><br>
name: <input name="name" size="30" type="text" /><br>
Category: <select name="category"> 
<?php 
while($row = mysql_fetch_array($categories))
{
	$id = $row['id'];
	$name = $row['name'];
	echo "<option value='$id'>$id - $name</option>";
}
?>
</select><br>
<input name="upload" type="submit" value="Uploader" />
</form>
</body>
</html>